Administering Users and Groups

Laserfiche security is based on users and groups. The permissions assigned to users or groups form the basis of your security policy on objects (i.e., documents, fields, volumes, etc.). Therefore, the maintenance of Laserfiche accounts or Windows or LDAP Account users and groups is essential to Laserfiche security.

There are four types of trustees: Laserfiche users, Laserfiche groups, Windows Accounts, and LDAP Accounts. Laserfiche users and groups are defined within Laserfiche. Windows Accounts and LDAP Accounts allows you to use existing domain or directory users and groups rather than defining new users and groups just for the Laserfiche repository.

A user is an account that allows a single person to authenticate to the repository and, with the appropriate rights, access documents and folders. A user's rights can be applied directly to the user account or—as is recommended—inherited from the user's groups.

A group is an account that collects a set of users. You can either create a group in Laserfiche or add a Windows domain or LDAP directory group. Groups of either kind reduce the burden on a Laserfiche administrator by allowing him or her to apply security settings to sets of users rather than having to explicitly assign the rights to individual accounts. Groups make it easier for administrators to apply security efficiently and consistently.

The Laserfiche Server maintains sets of users and groups that are used to authenticate to the Laserfiche repository. You can either create new users and groups that will be used with the repository, or you can configure Laserfiche to recognize a user's Windows or LDAP account and use that account to authenticate to the repository. All users and groups in Laserfiche must have unique names. The general term that refers to all kinds of users and groups in Laserfiche is trustee.

When creating Laserfiche groups, keep in mind that they are especially useful for administering Laserfiche users and Windows accounts. If you know that several users must have similar access to an object within the repository, it can be easier to manage the security policy on that object by assigning rights to the group instead of manually assigning identical rights to several users. Unless your security policy dictates that a specific user has a distinct set of rights different from the other members of a group, limit yourself to only modifying the security settings on groups.

Learn more about users

• About Users
• Creating a User
• Modifying a User's Properties
• Setting a User's Authentication Options
• Enabling/Disabling a User Account
• Deleting a User

Learn more about groups

• About Groups
• Creating a Group
• Modifying or Deleting a Group
• Configuring Group Membership

Learn more about domain and directory accounts

• About Windows and LDAP Authentication
• Windows Accounts
• LDAP Accounts

Free Training: User Management in Laserfiche 11 eLearning course in Aspire.